© 2021 www.richardwalz.com
Richard Walz
All rights reserved.

Intro: Microsoft Defender for Endpoint (MDE) has had numerous improvements since its inception just a few years ago. Many powerful features have been introduced, including impressive enrichment correlation from systems like Defender for Identity. Still, with any product, there have ...

Microsoft has announced they will be backporting several security features which are only available in Server 2019 into older Server operating systems. This will help unify and reduce feature fragmentation. I hope we will see Isolate capabilities soon too. Server ...

What is the BlackBerry Enterprise Store and why would I want to use it? What is a BlackBerry Container? The BlackBerry Enterprise Store is where an organization approves authorized applications that users can download and use. The BlackBerry (BB) container ...

Minor Update: 9/21/2021 Carbon Black Live Response is a consistently fast and reliable remote command-line tool for responding to security alerts. The same commands should also work for Carbon Black Defense. Most of these commands will work within other tools ...

What is Red team? Red Team in cyber security means that you are on the attacker’s side. You play the role of being the adversary to the organization or situation. This means you are trying to break or bypass physical ...

The Problem: We need to block access to the Docker containers, but only allow specific IP addresses to connect. We only want the following IP addresses to be allowed to connect to the Docker containers: 192.168.86.10, 192.168.86.11. The solution: Install ...

This may not be the best way. However, this method has worked for me. Here we are reinstalling ufw. This is to ensure all the files exist on the machine so we can fully reset ufw in the next step. ...

Over the past few months, I have had a few conversations with different cybersecurity leaders who are thinking of or are in the process of building out their own security operation team to deal with threats. The first thing that ...

While Microsoft has made progress and improvements in the update and restart area to help eliminate the number of reboots needed for a system, it has not been able to fully do so. Microsoft has also incorporated several features to improve ...

Impact: The ADFS replication service can be abused to steal the token signing cert, as the service is not encrypted and does not require authentication to access. Solution (for single ADFS server): Apply a firewall rule so that inbound tcp/80 ...